## https://sploitus.com/exploit?id=48BC0C0B-1BC9-5D84-ACDE-1F01774FE8A4
binary-exploitation
A collection of binary exploitation challenges in C designed to teach software security and reverse engineering. Includes source, binaries, and walkthroughs.
Repository Structure â˘
Challenges â˘
Override â˘
Rainfall â˘
Getting Started â˘
Prerequisites
Dive into the world of software security with this curated collection of binary exploitation challenges. Designed as a practical training ground, this repository provides hands-on experience in reverse engineering, vulnerability analysis, and exploit development. Each challenge is self-contained, offering vulnerable C source code, a compiled binary, and a detailed walkthrough to guide your learning.
## Key Concepts Covered
These challenges are crafted to build a strong foundation in core binary exploitation concepts, including:
* **Stack-Based Buffer Overflows:** Learn to overwrite the stack to control program execution.
* **Reverse Engineering:** Analyze compiled binaries to understand their functionality and find weaknesses.
* **Exploit Development:** Write scripts to reliably exploit vulnerabilities and gain control.
* **Shellcoding:** Craft and inject custom payloads to achieve arbitrary code execution.
* **Format String Vulnerabilities:** Abuse format string functions to read from or write to arbitrary memory locations.
* **Bypassing Security Mitigations:** Understand and circumvent basic security protections.
## Getting Started
To effectively tackle these challenges, you'll need a suitable environment and a few essential tools. A 32-bit Linux virtual machine is highly recommended, as the binaries are compiled for this architecture.
### Recommended Tools
* **Operating System:** A 32-bit Debian-based Linux distribution (e.g., Ubuntu 18.04 32-bit, Kali Linux).
* **Debugger:** GDB (The GNU Project Debugger), enhanced with a plugin like [GEF](https://github.com/hugsy/gef), [pwndbg](https://github.com/pwndbg/pwndbg), or [PEDA](https://github.com/longld/peda).
* **Compiler:** GCC for compiling any helper code or shellcode.
* **Exploitation Framework:** Python 3 with the [pwntools](https://github.com/Gallopsled/pwntools) library is the standard for modern exploit development.
## How to Approach the Challenges
Each challenge is designed to be a standalone learning module. Follow these steps for a structured approach:
1. **Select a Challenge:** Start with `override/level00` and progress sequentially.
2. **Analyze the Source:** Read the `source.c` file to understand the program's intended behavior and identify potential logical flaws or vulnerabilities.
3. **Debug the Binary:** Use GDB to step through the program's execution. Examine the stack, registers, and memory to confirm your understanding and plan your exploit.
4. **Develop the Exploit:** Write a script (e.g., using Python and pwntools) to send a crafted payload to the vulnerable binary.
5. **Capture the Flag:** Run your exploit to successfully take control of the program and read the contents of the `flag` file. If you get stuck, the `walkthrough.md` provides hints and a complete solution.
## Repository Structure
The challenges are organized into two suites: `override` and `rainfall`. Every challenge directory follows a consistent layout:
* `source.c`: The vulnerable C source code.
* `flag`: The target file to be read upon successful exploitation.
* `walkthrough.md`: A step-by-step guide explaining the vulnerability and the exploit process.
* `Ressources/`: Contains the compiled binary and any supplementary files (e.g., exploit scripts, helper code).
## Challenge Index
### Override Suite
This suite contains the core set of challenges, increasing in difficulty.
| Challenge | Directory | Source Code | Walkthrough |
| :-------- | :--------------------------------------- | :--------------------------------------- | :----------------------------------------- |
| `level00` | [`override/level00`](./override/level00) | [`source.c`](./override/level00/source.c) | [`walkthrough.md`](./override/level00/walkthrough.md) |
| `level01` | [`override/level01`](./override/level01) | [`source.c`](./override/level01/source.c) | [`walkthrough.md`](./override/level01/walkthrough.md) |
| `level02` | [`override/level02`](./override/level02) | [`source.c`](./override/level02/source.c) | [`walkthrough.md`](./override/level02/walkthrough.md) |
| `level03` | [`override/level03`](./override/level03) | [`source.c`](./override/level03/source.c) | [`walkthrough.md`](./override/level03/walkthrough.md) |
| `level04` | [`override/level04`](./override/level04) | [`source.c`](./override/level04/source.c) | [`walkthrough.md`](./override/level04/walkthrough.md) |
| `level05` | [`override/level05`](./override/level05) | [`source.c`](./override/level05/source.c) | [`walkthrough.md`](./override/level05/walkthrough.md) |
| `level06` | [`override/level06`](./override/level06) | [`source.c`](./override/level06/source.c) | [`walkthrough.md`](./override/level06/walkthrough.md) |
| `level07` | [`override/level07`](./override/level07) | [`source.c`](./override/level07/source.c) | [`walkthrough.md`](./override/level07/walkthrough.md) |
| `level08` | [`override/level08`](./override/level08) | [`source.c`](./override/level08/source.c) | [`walkthrough.md`](./override/level08/walkthrough.md) |
| `level09` | [`override/level09`](./override/level09) | [`source.c`](./override/level09/source.c) | [`walkthrough.md`](./override/level09/walkthrough.md) |
### Rainfall Suite
This suite contains bonus challenges that explore different or more complex concepts.
| Challenge | Directory | Source Code | Walkthrough |
| :-------- | :------------------------------------- | :------------------------------------- | :--------------------------------------- |
| `bonus0` | [`rainfall/bonus0`](./rainfall/bonus0) | [`source.c`](./rainfall/bonus0/source.c) | [`walkthrough.md`](./rainfall/bonus0/walkthrough.md) |
| `bonus1` | [`rainfall/bonus1`](./rainfall/bonus1) | [`source.c`](./rainfall/bonus1/source.c) | [`walkthrough.md`](./rainfall/bonus1/walkthrough.md) |
| `bonus2` | [`rainfall/bonus2`](./rainfall/bonus2) | [`source.c`](./rainfall/bonus2/source.c) | [`walkthrough.md`](./rainfall/bonus2/walkthrough.md) |
## License
This project is licensed under the MIT License. See the [LICENSE](./LICENSE) file for details.